Headline
GHSA-8gqj-226h-gm8r: Passport-wsfed-saml2 allows SAML Authentication Bypass via Attribute Smuggling
Overview
This vulnerability allows an attacker to impersonate any user during SAML authentication by tampering with a valid SAML response. This can be done by adding attributes to the response.
Am I Affected?
You are affected by this SAML Attribute Smuggling vulnerability if you are using passport-wsfed-saml2 version 4.6.3 or below, specifically under the following conditions:
- The service provider is using
passport-wsfed-saml2, - A valid SAML Response signed by the Identity Provider can be obtained
Fix
Upgrade to v4.6.4 or greater.
- GitHub Advisory Database
- GitHub Reviewed
- CVE-2025-46573
Passport-wsfed-saml2 allows SAML Authentication Bypass via Attribute Smuggling
Critical severity GitHub Reviewed Published May 6, 2025 in auth0/passport-wsfed-saml2 • Updated May 6, 2025
Package
npm passport-wsfed-saml2 (npm)
Affected versions
>= 3.0.5, <= 4.6.3
Overview
This vulnerability allows an attacker to impersonate any user during SAML authentication by tampering with a valid SAML response. This can be done by adding attributes to the response.
Am I Affected?
You are affected by this SAML Attribute Smuggling vulnerability if you are using passport-wsfed-saml2 version 4.6.3 or below, specifically under the following conditions:
- The service provider is using passport-wsfed-saml2,
- A valid SAML Response signed by the Identity Provider can be obtained
Fix
Upgrade to v4.6.4 or greater.
References
- GHSA-8gqj-226h-gm8r
- auth0/passport-wsfed-saml2@e5cf3cc
Published to the GitHub Advisory Database
May 6, 2025